package com.mla.fastdfs.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.pagehelper.util.StringUtil;
import com.mla.fastdfs.commom.BaseException;
import com.mla.fastdfs.commom.RedisConstant;
import com.mla.fastdfs.commom.Result;
import com.mla.fastdfs.utils.HttpUtil;
import com.mla.fastdfs.utils.RedisUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.List;

@Slf4j
public class CheckAutoFilter extends AccessControlFilter {

    @Autowired
    private FilterHandle filterHandle;
    @Autowired
    private RedisUtil redisUtil;

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        HttpUtil.setHeader((HttpServletRequest) request, (HttpServletResponse) response);
        HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
        return "OPTIONS".equals(httpServletRequest.getMethod());
    }


    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String path = httpRequest.getRequestURI();
        if (filterHandle.filterPath(path)) {
            return true;
        }
        String aToken = httpRequest.getParameter("aToken");
        if (StringUtil.isEmpty(aToken)) {
            out(httpResponse, Result.build(1200, "未登录"));
            return false;
        }


        try {
            Object obj = redisUtil.hget(RedisConstant.USERPERMISSION, aToken);
            if (obj == null) {
                throw new BaseException();
            }
            List<String> list = (List<String>) obj;
            if (list.contains("*")) {
                return true;
            }
            if (!list.contains(path)) {
                throw new BaseException();
            }
        } catch (BaseException e) {
            out(httpResponse, Result.build(1200, "权限不足"));
            return false;
        }
        return true;
    }


    /**
     * @描述：response输出json
     */
    public static void out(ServletResponse response, Result result) {
        PrintWriter out = null;
        try {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json");
            out = response.getWriter();
            out.println(new ObjectMapper().writeValueAsString(result));
        } catch (Exception e) {
            log.error("", e);
        } finally {
            if (null != out) {
                out.flush();
                out.close();
            }
        }
    }

}
